Customer Case Study - WhiteHat Security

Jul 29, 2016
N11.com is one of the largest e-commerce platforms offering retail services in Turkey. The website networks with hundreds of merchants to provide users with a wide selection of products under the categories of beauty and fashion, electronics, textiles, home and living, sports and outdoor, automotive, and more.

N11 Project Background

N11.com had been a WhiteHat Sentinel Dynamic (DAST) customer for quite some time, using the product to scan their production web applications. However, challenged by their board and parent company to comply with PCI DSS guidelines and reduce risks earlier in their software development lifecycle, N11 went back to the marketplace to review and select an application security solution to support their rapid build of a new infrastructure and security development. N11’s security engineering team initially looked at and tested a number of vendors for a Static Application Security Testing (SAST) solution, then selected WhiteHat Security’s Sentinel Source.

WHITEHAT SAST KEY BENEFITS

• Assess code at any point in the development cycle – even partial code
• Run scheduled assessments daily or on demand
• Scan source code from any repository on premises
• Rule Packs identify and verify vulnerability defects
• Backed by Threat Research Center consultation


WHITEHAT SAST KEY DIFFERENTIATION

• Advanced analytic capabilities to monitor trends and key statistics like remediation rate, time to fix vulnerabilities, and age of vulnerabilities
• WhiteHat Sentinel PE, SE and BE services exceed requirements of PCI DSS by providing ongoing, verified vulnerability assessments for both internal and public websites
• Open XML API integration with bug tracking systems, SIEMs, GRC, and WAF products


The Use Case

As an existing WhiteHat DAST customer, N11 had a great experience with the results, which identified issues that needed fixing or patching in their active production web applications. “It’s a powerful tool for finding vulnerabilities, with a low level of false positive results,” says Esat Caglayan, Senior Security Engineer at N11. “It is fast, reliable, and produces verified vulnerability results.”

In early 2016, with the business continuing to expand rapidly, N11’s team of web and application developers was challenged to move ever faster to keep up with the demands of a business with exponential growth year over year. (In January 2016 N11.com had over 6 million members with 27 million products online, averaging over 15 million hits per month and growing.) Their development team needed to get ahead and stay ahead of new business by testing and validating applications while still in the software development lifecycle, giving greater security confidence before those applications were pushed into live production.

WhiteHat Security provided a proof of concept instance of the Sentinel Source solution. This leading-edge SAST service scans the source code, identifies vulnerabilities, and then provides detailed descriptions of those vulnerabilities with remediation advice and ready-to-implement solutions for each exposure. WhiteHat’s Threat Research Center (TRC) validates every potential vulnerability found through N11’s code scanning and groups them to avoid duplicates, helping focus remediation efforts on verified actual bugs and defects. N11 purchased premium support, which combines technology and human intelligence to curate findings and reduce duplicated effort and time spent chasing false positives, and which includes interactive chat for questions and answers on remediation guidance.

The Results

WhiteHat’s DAST and SAST solutions are an important part of N11’s vulnerability management strategy for software development and compliance reporting. Having all the software code and live applications continuously scanned for vulnerabilities by the WhiteHat Threat Research Center, and having access to the verified information from one platform, has resulted in greater security, compliance and overall productivity for N11.com.

“The WhiteHat human intelligence factor is key to us. Learning what recurring vulnerabilities are being introduced is important, and our developers are learning how to avoid them now which saves time and effort. They’re able to work faster with the fixes to the problems identified within the Sentinel portal. The whole solution was easy to get operational and is easy to use. In an online marketplace where speed to production is important, WhiteHat supports N11’s vision and goals of being fast to market while helping keep our customers safe.”

Esat Caglayan - Senior Security Engineer, N11

About WhiteHat Security

WhiteHat Security combines advanced technology with the expertise of its global Threat Research Center team to deliver application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites. The company’s flagship product, WhiteHat Sentinel, provides dynamic, static and mobile application security testing.

WHITEHAT SECURITY, INC. 3970 Freedom Circle Santa Clara, CA 95054 • 1.408.343.8300 • www.whitehatsec.com © 2016 WhiteHat Security, Inc. All rights reserved. WhiteHat Security and the WhiteHat Security logo are registered trademarks of WhiteHat Security, Inc. All other trademarks are the property of their respective owners.
